The following sections list the ports used by the various components of BMC Server Automation:
Overview
These ports are required for a basic BMC Server Automation installation. Your firewall must allow communication through these ports for the associated components to function.
Note
Before you install the BMC Server Automation Console, make sure that port 9998 (TCP) is not being used. Installation of the console requires use of this port. If the port is already in use, the installer shows a progress bar but exits before launching and the installation fails.
To define port numbers that differ from the defaults, use the BMC Server Automation Application Server console (the blasadmin utility) or use the BMC Server Automation Console (the Infrastructure Management window). For information about changing port numbers using the BMC Server Automation Console or the blasadmin utility, see Configuring communication ports.
The following table lists the TCP/UDP ports used by the BMC Server Automation clients.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
9840 (base + 40)¹ | TCP | RCP (Client UI) | Authentication Service | Required port. This port is used for BMC Server Automation Console to Application Server communication, and is used in conjunction with the Java Management Extensions (JMX) port 9838 (by default) to authenticate the client AppSvcPort (port 9841 by default). |
9841 (base + 41)¹ | TCP | RCP (Client UI) | Application Server | Required port. Listening port for the Application Service (that is, the service that accepts client connections). If this value is set to 0, the Application Server does not run an Application Service. By default the Application Service runs and listens on port 9841. |
9842 (base + 42)¹ | TCP | NSH, Application Server | NSH Proxy | The listening port for a Network Shell Proxy Service. You must manually define a listening port for the default deployment of an Application Server. |
¹ Application Server ports are normally configured from a base port, with 9800 being the default base port. A second Application Server on the same host will typically have a base port of 9900, and so on. Arbitrary port assignments can be made in all cases.
The following table lists the TCP/UDP ports used by the BMC Server Automation application server.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
25 | SMTP (TCP) | Application Server | Mail Server | SMTP |
161 | SNMP (UDP) | Application Server | | SNMP |
162 | SNMP (UDP) | Application Server | | SNMPTRAP |
1080 | TCP | SOCKS client | SOCKS proxy | SOCKS Proxy protocol |
1433 | MS-SQL (TCP) | Application Server | SQL Server DB | Communication with the SQL database |
1521 | TNS (TCP) | Application Server | Oracle DB | Communication with the Oracle database. |
9700 | JMX (TCP) | | Application Server Launcher | Default RMI registry port used for JMX communication to the Application Server Launcher. In order to perform Application Server Launcher operations, each Application Server host must have access to this port on every other Application Server host. |
9701 | TCP | Application Server | Application Server Launcher | Default communications port used for Application Server communication with the Application Server Launcher. The traffic type is incoming messages. Each managed Application Server uses this port to notify the Application Server Launcher that the Application Server is up and in a ready state. This communication is all local traffic for this port. |
9702 | TCP | Console | Application Server Launcher | Default RMI execution port used for JMX communication to the Application Server Launcher. In order to perform Application Server Launcher operations, each Application Server host must have access to this port on every other Application Server host. |
9836 (base + 36)¹ | TCP | Application Server | RMI Registry | Required port. Listening port for traffic between Application Servers that cooperate by distributing jobs to each other. |
9838 (base + 38)¹ | TCP | Application Server | Jconsole or JMXCLI | Required port. JMX listener for Application Server |
9850-9899 (MinPort-MaxPort) | TCP | Application Server | Application Server | RMI communication ports. The MinPort-MaxPort range is configurable, with 9850-9899 being the default for a single Application Server. |
9843 | HTTPS | Web client | Application Server | Web services port |
¹ Application Server ports are normally configured from a base port, with 9800 being the default base port. A second Application Server on the same host will typically have a base port of 9900, and so on. Arbitrary port assignments can be made in all cases.
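When several Application Servers share a host, the base-derived ports, each instance's MinPort-MaxPort range and the fixed ports listed on this page can overlap. The following is an added example, not BMC code: the offsets and fixed ports come from the tables here, while the function names and the second instance's values in the sample plans are assumptions made for illustration.

```python
# Added example: detect listening-port clashes when planning Application Server instances.
# Offsets and fixed ports are taken from the tables on this page; names are hypothetical.
OFFSETS = {"rmi_registry": 36, "jmx": 38, "auth_service": 40,
           "app_service": 41, "nsh_proxy": 42}

# Ports that do not move with the base port. 9998 only matters on a host
# where the console will be installed.
FIXED = {4750: "rscd_agent", 9700: "launcher_rmi_registry",
         9701: "launcher_comms", 9702: "launcher_rmi_exec",
         9998: "console_installer"}


def claims(name, base, rmi_range):
    """Return [(port, label)] for every port one instance listens on."""
    lo, hi = rmi_range  # MinPort, MaxPort
    if not 1 <= base <= 65535 - max(OFFSETS.values()):
        raise ValueError(f"{name}: base port {base} out of range")
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"{name}: bad MinPort-MaxPort {rmi_range}")
    out = [(base + off, f"{name}:{role}") for role, off in OFFSETS.items()]
    out += [(p, f"{name}:rmi") for p in range(lo, hi + 1)]
    return out


def find_collisions(instances):
    """instances maps name -> (base, (MinPort, MaxPort)).
    Returns {port: [labels]} for each port claimed more than once."""
    seen = {port: [label] for port, label in FIXED.items()}
    for name, (base, rmi_range) in instances.items():
        for port, label in claims(name, base, rmi_range):
            seen.setdefault(port, []).append(label)
    return {p: who for p, who in sorted(seen.items()) if len(who) > 1}


if __name__ == "__main__":
    # Constructed plans: as1 uses the documented defaults; the as2 values are sample choices.
    as1 = (9800, (9850, 9899))
    plans = {
        "rmi range reaches 9998": {"as1": as1, "as2": (9900, (9950, 9999))},
        "base too close": {"as1": as1, "as2": (9810, (9950, 9997))},
        "clean": {"as1": as1, "as2": (9900, (9950, 9997))},
    }
    for title, plan in plans.items():
        print(title, "->", find_collisions(plan) or "no collisions")
```

Ports reported here are candidates for reassignment with blasadmin before the firewall rules are written, so that each rule maps to exactly one service.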
The following table lists the TCP/UDP ports used by BMC Server Automation in provisioning.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
67¹ | DHCP (UDP) | PXE client | DHCP service | (Windows and Linux provisioning) For PXE discovery and image transfer. |
68 | DHCP (UDP) | DHCP | PXE client | (Windows and Linux provisioning) BOOTP/DHCP port — A bare metal server listens on this port to receive the dynamic IP it has requested from the DHCP server. The server uses this IP to configure itself and access the network. Extended DHCP response to an initial extended DHCP request. |
69 | TFTP (TCP/UDP) | PXE client | TFTP Server | (Windows and Linux provisioning) Port used in provisioning for PXE discovery. The port on which the TFTP server listens. The bare metal target server downloads the initial boot image (the WinPE or gentoo image) over this port. |
80 | HTTP (TCP) | PXE client | PXE server | (Linux provisioning) Used for Linux PXE server. |
445 | SMB (TCP) | PXE client | PXE server | (Windows provisioning) Used for Windows PXE Servers. |
1433 | MS-SQL (TCP) | PXE server | SQL Server DB | (Windows and Linux provisioning) The PXE/TFTP server communicates directly to the database server over this port to determine which boot image to provide to the bare metal target server. |
1521 | TNS (TCP) | PXE server | Oracle DB | Port that the database listens on. Typically, port 1521 is for an Oracle database. |
4011 | DHCP (UDP) | PXE client | PXE server | (Windows and Linux provisioning) The PXE server listens on this port for DHCPREQUESTS from bare metal target servers when they boot for the first time. When both the PXE service and the DHCP service reside on the same server, both services cannot listen on the same port. In that case, this port is effectively the proxy DHCP. |
4750 | RSCD (TCP) | Application Server | RSCD agent | (Windows and Linux provisioning) Port used to communicate to the RSCD agent on a managed target server after it is provisioned. Note: After modifying the RSCD agent listening port, you must restart both the agent and the Application Server. |
9831 | TCP | Provisioning Client | Application Server | Required port. By default, the Application Server uses this port for SSL communication. |
¹ The PXE server binds to port 67, a port that the DHCP server normally uses. However, PXE clients broadcast a DHCPDISCOVER packet with PXE-specific information to port 67. This communication enables the PXE server running on that port to identify the PXE client and initiate the provisioning process. For this reason, provisioning uses the same ports as the DHCP server.
The following table lists the TCP/UDP ports used by the BMC Server Automation RSCD Agents.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
4750+ | TCP | BMC Server Automation Application Server | RSCD Agent (Managed Server) | Default port for all communication from application server to agent |
139 | TCP | BMC Server Automation Application Server | Target Windows Server | netbios port for Agent Installer Job/psexec |
445 | TCP | BMC Server Automation Application Server | Target Windows Server | microsoft-ds port for Agent installer job/psexec |
22* | TCP | BMC Server Automation Application Server | Target UNIX Server | ssh,scp port for Agent installer job (file copy and command execution) |
23* | TCP | BMC Server Automation Application Server | Target UNIX Server | telnet port for Agent installer Job (command execution) |
20,21* | UDP | BMC Server Automation Application Server | Target UNIX Server | ftp port for Agent Installer Job (file copy) |
139 | TCP | Windows RSCD Agent / Managed Server | CIFS/SMB Share | for AGENT_MOUNT deploy types |
445 | TCP | Windows RSCD Agent / Managed Server | CIFS/SMB Share | for AGENT_MOUNT deploy types |
NFS ports | TCP/UDP | RSCD Agent / Managed Server | NFS Share | for AGENT_MOUNT deploy types |
+ The RSCD Agent is registered with IANA on port 5750, but the default port is 4750 (listed as ssad in most UNIX /etc/services files).
* For the UNIX agent installer, use either ssh or ftp/telnet to run the agent installer. Only the ports for the specific method of install need to be open.
The following table lists the TCP/UDP ports used by BMC Server Automation for remote facility communications (SOCKS, Repeater).
Port | Protocol | From | To | Notes |
---|---|---|---|---|
7717 | TCP | Certificate Manager | BMCCM Tuner | Usually local traffic only |
4750 | RSCD (TCP) | Application Server | RSCD Agent | Primary communication channel from Application Server to each managed host. |
The following table lists the TCP/UDP ports used in the communication with external authentication sources.
Port | Protocol | Authentication Type | From | To | Notes |
---|---|---|---|---|---|
88 | TCP & UDP | ADK, Domain Authentication | Application Server (and client system for ADK) | Windows Domain Controller/KDC | For ADK, because a Kerberos ticket is required, the client system must also be able to access the Domain Controller/KDC. |
389 | TLS/TCP | LDAP (LDAP + Start TLS) | Application Server | LDAP Server | |
80/443 | HTTP/HTTPS (TCP) | PKI | Application Server | OCSP server | Application Server needs access to the OCSP responder if OCSP is enabled. |
5500 | UDP | RSA | Application Server | RSA Server | |